Foundry DeFi Stablecoin CodeHawks Audit Contest

Cyfrin

DeFiFoundry

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Should not revert because of liquidator's health factor

0x9527

Summary

During the entire liquidation process, the financial health of the liquidator will not undergo any changes.After the liquidation is completed, the financial health of the liquidator will be examined. If the liquidator's account balance is less than the health value, the entire transaction will be rolled back.I believe that even if the liquidator has a bad debt, they should still have the right to conduct liquidations.

Vulnerability Details

Here is my test case:
1.delete update answer to 0 in MockMoreDebtDSC burn function:

function burn(uint256 _amount) public override onlyOwner {

// We crash the price

- MockV3Aggregator(mockAggregator).updateAnswer(0);

uint256 balance = balanceOf(msg.sender);

if (_amount <= 0) {

revert DecentralizedStableCoin__AmountMustBeMoreThanZero();

}

if (balance < _amount) {

revert DecentralizedStableCoin__BurnAmountExceedsBalance();

}

super.burn(_amount);

}

2.Foundry test code:

function testRevertBecauseOfLiquidatorHealthFactor() public {

// Arrange - Setup

MockMoreDebtDSC mockDsc = new MockMoreDebtDSC(ethUsdPriceFeed);

tokenAddresses = [weth];

feedAddresses = [ethUsdPriceFeed];

address owner = msg.sender;

vm.prank(owner);

DSCEngine mockDsce = new DSCEngine(

tokenAddresses,

feedAddresses,

address(mockDsc)

);

mockDsc.transferOwnership(address(mockDsce));

// Arrange - User

vm.startPrank(user);

ERC20Mock(weth).approve(address(mockDsce), amountCollateral);

mockDsce.depositCollateralAndMintDsc(weth, amountCollateral, amountToMint);

vm.stopPrank();

// Arrange - Liquidator

collateralToCover = 1 ether;

ERC20Mock(weth).mint(liquidator, collateralToCover);

vm.startPrank(liquidator);

ERC20Mock(weth).approve(address(mockDsce), collateralToCover);

uint256 debtToCover = 10 ether;

mockDsce.depositCollateralAndMintDsc(weth, collateralToCover, amountToMint);

mockDsc.approve(address(mockDsce), debtToCover);

// Act

int256 ethUsdUpdatedPrice = 18e8; // 1 ETH = $18

MockV3Aggregator(ethUsdPriceFeed).updateAnswer(ethUsdUpdatedPrice);

// Revert Because of Liquidator Health Factor<<<<<<<<<<

vm.expectRevert(abi.encodeWithSelector(DSCEngine.DSCEngine__BreaksHealthFactor.selector, mockDsce.getHealthFactor(liquidator)));

mockDsce.liquidate(weth, user, debtToCover);

vm.stopPrank();

}

Impact

1.If the liquidator has bad debt, the liquidation process cannot be successfully executed
2.The liquidator cannot liquidate their own bad debt.

Tools Used

manul

Recommendations

delete _revertIfHealthFactorIsBroken in liquidate

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

236

64 USDC / LOC

High Medium

14,000 USDC

Low

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.